rspec/rules/S5659/python/rule.adoc

include::../description.adoc[]

== Noncompliant Code Examples

For https://github.com/jpadilla/pyjwt[pyjwt] module:

----
jwt.decode(token, verify = False)  # Noncompliant
jwt.decode(token, key, options={"verify_signature": False})  # Noncompliant
----
For https://github.com/davedoesdev/python-jwt[python_jwt] module:

----
jwt.process_jwt(token)  # Noncompliant
----

== Compliant Solution

For https://github.com/jpadilla/pyjwt[pyjwt] module:

----
jwt.decode(token, key, algo)
----
For https://github.com/davedoesdev/python-jwt[python_jwt] module:

----
jwt.process_jwt(token)  #  Compliant because followed by verify_jwt()
jwt.verify_jwt(token, key, algo)
----

include::../see.adoc[]